Lucene search

769c9ae7-73c3-4e47-ae19-903170fc3eb8NVD:CVE-2023-41699

HistoryNov 15, 2023 - 8:15 p.m.

CVE-2023-41699

2023-11-1520:15:07

CWE-601

769c9ae7-73c3-4e47-ae19-903170fc3eb8

web.nvd.nist.gov

cve-2023-41699

open redirect

payara server

servlet implementation

libraries

security vulnerability

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.0005 Low

EPSS

Percentile

17.1%

JSON

URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in Payara Platform Payara Server, Micro and Embedded (Servlet Implementation modules) allows Redirect Access to Libraries.This issue affects Payara Server, Micro and Embedded: from 5.0.0 before 5.57.0, from 4.1.2.191 before 4.1.2.191.46, from 6.0.0 before 6.8.0, from 6.2023.1 before 6.2023.11.

Affected configurations

NVD

Node

payarapayaraRange4.1.2.191–4.1.2.191.46community

payarapayaraRange5.0.0–5.57.0enterprise

payarapayaraRange6.0.0–6.8.0enterprise

payarapayaraRange6.2023.1–6.2023.11community

References

docs.payara.fish/community/docs/Release%20Notes/Release%20Notes%206.2023.11.html

docs.payara.fish/enterprise/docs/Release%20Notes/Release%20Notes%206.8.0.html

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.0005 Low

EPSS

Percentile

17.1%

JSON

Related for NVD:CVE-2023-41699